CVE-2020-2490Command Injection in Systems INC QTS

CWE-77Command InjectionCWE-78OS Command Injection3 documents3 sources
Severity
7.2HIGHNVD
EPSS
1.0%
top 22.77%
CISA KEV
Not in KEV
Exploit
No known exploits
Affected products
2
Qnap Systems INC QTSQnap QTS
Timeline
PublishedNov 16
Latest updateMay 24

Description

If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands. This issue affects: QNAP Systems Inc. QTS versions prior to 4.4.3.1421 on build 20200907.

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:HExploitability: 1.2 | Impact: 5.9

Affected Packages2 packages

CVEListV5qnap_systems_inc/qtsunspecified4.4.3.1421
NVDqnap/qts< 4.4.3.1421

🔴Vulnerability Details

2
GHSA
GHSA-2q45-953f-m2g9: If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands2022-05-24
CVEList
CVE-2020-2490: If exploited, the command injection vulnerability could allow remote attackers to execute arbitrary commands2020-11-16
CVE-2020-2490 — Command Injection in Systems INC QTS | cvebase